Skip to content

feat: leverage pgbouncer's auth_dbname#4939

Closed
phisco wants to merge 1 commit intocloudnative-pg:mainfrom
phisco:dev/1383
Closed

feat: leverage pgbouncer's auth_dbname#4939
phisco wants to merge 1 commit intocloudnative-pg:mainfrom
phisco:dev/1383

Conversation

@phisco
Copy link
Contributor

@phisco phisco commented Jun 24, 2024

Fixes #1383.

An initial draft implementation to discuss

@phisco phisco changed the title feat: leverage auth_dbname for pooler feat: leverage auth_dbname for poolers Jun 24, 2024
@github-actions
Copy link
Contributor

github-actions bot commented Jun 24, 2024

❗ By default, the pull request is configured to backport to all release branches.

  • To stop backporting this pr, remove the label: backport-requested ◀️ or add the label 'do not backport'
  • To stop backporting this pr to a certain release branch, remove the specific branch label: release-x.y

@cnpg-bot cnpg-bot added backport-requested ◀️ This pull request should be backported to all supported releases release-1.22 release-1.23 labels Jun 24, 2024
@phisco phisco changed the title feat: leverage auth_dbname for poolers feat: leverage pgbouncer's auth_dbname Jun 24, 2024
@phisco phisco force-pushed the dev/1383 branch 2 times, most recently from aa6fe60 to 73001fa Compare June 30, 2024 11:55
@phisco phisco marked this pull request as ready for review June 30, 2024 12:32
@phisco phisco requested review from a team and jsilvela as code owners June 30, 2024 12:32
@phisco phisco requested a review from gbartolini June 30, 2024 12:32
@phisco
Copy link
Contributor Author

phisco commented Jul 2, 2024

/test limit=local

@github-actions
Copy link
Contributor

github-actions bot commented Jul 2, 2024

@phisco, here's the link to the E2E on CNPG workflow run: https://github.com/cloudnative-pg/cloudnative-pg/actions/runs/9756580441

@phisco @sxd
feat: leverage auth_dbname for pooler
60491c9 
Signed-off-by: Philippe Scorsolini <[email protected]>
leonardoce added a commit to leonardoce/cloudnative-pg that referenced this pull request Sep 26, 2025
@leonardoce
feat: use auth_dbname option in PgBouncer
ee90414 
Previously, CloudNativePG configured authentication by creating a
`user_search` function in every accessible database and granting CONNECT
privileges to the PgBouncer auth_user.

This patch simplifies the process by using the `auth_dbname`
configuration option, so that PgBouncer runs its authentication queries
only against the `postgres` database. This results in a simpler
reconciliation loop with no extra connections required for other
databases.

Closes: cloudnative-pg#4939

Signed-off-by: Leonardo Cecchi <[email protected]>
@leonardoce leonardoce mentioned this pull request Sep 26, 2025
Merged
@leonardoce
Copy link
Contributor

leonardoce commented Sep 26, 2025

#8671 is an alternative and simpler implementation of this concept, that doesn't allow the user to change the name of the database where the user_search function is created. It may be used as a starting point or just to encourage discussion.

@gbartolini
Copy link
Contributor

gbartolini commented Sep 26, 2025

#8671 is an alternative and simpler implementation of this concept, that doesn't allow the user to change the name of the database where the user_search function is created. It may be used as a starting point or just to encourage discussion.

I really like it. We should not need that feature. The goal of the auth_dbname option in PgBouncer that we both developed, was finalised to use it against the postgres database only in CloudNativePG, in order to reduce the maintenance burden of the reconciliation loop.

This is already a big improvement.

@gbartolini
Copy link
Contributor

gbartolini commented Sep 26, 2025

Closing this as replaced by #8671

@gbartolini gbartolini closed this Sep 26, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Sep 26, 2025

❗ By default, the pull request is configured to backport to all release branches.

  • To stop backporting this pr, remove the label: backport-requested ◀️ or add the label 'do not backport'
  • To stop backporting this pr to a certain release branch, remove the specific branch label: release-x.y

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsilvela jsilvela Awaiting requested review from jsilvela jsilvela is a code owner

@gbartolini gbartolini Awaiting requested review from gbartolini

Assignees

No one assigned

Labels

backport-requested ◀️ This pull request should be backported to all supported releases release-1.25 release-1.26 release-1.27

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Introduce support for auth_dbname in pgbouncer

7 participants

@phisco @leonardoce @gbartolini @mnencia @sxd @fcanovai @cnpg-bot